php crypt function

Top Page
Attachments:
Message as email
+ (text/plain)
Delete this message
Reply to this message
Author: David P. Schwartz
Date:  
Subject: php crypt function
wrote:

> \_ I need something I can use in a URL link.
> \_
> \_ http://www.myserver.com/phpscript.php?arg1=lkjlkjlkjlkjlkjlkjsdfsdfsdfsdfsdfsdf&arg2=LKJLKJLKJLKJLKJLKJSDFSDFSDFSDFSDFSDF
> \_
> \_ How does it look?
> A bit longish....


that's my point.

> \_ Some browsers
> Did you mean "mail user agents" here? Like outlook? The rest of my
> discussion assumes so.


well, both actually. But "mail user agents" fits.

> \_ truncate long URLs, some stretch them out so they're
> \_ still valid if you click on them. Most users are too stupid
> You're on your way to becoming a BOFH.


BOFH? (probably not too good)

I ran into a guy recently who runs his email program so narrow that there wasn't room for this:

http://www.mysite.com/abcdefgh/myscript.php3?xyz=pp12345678901

When he clicked the link, the word-wrapping truncated the URL just after the '='. He got an error mesage from the script. I told him
he needs to make sure the entire URL is there. He said, "Why don't you just make the thing shorter? I don't want to have to muck with
stuff like this. If it doesn't work, I'm not going to bother with it!"

I'm getting rid of the abcdefgh/ part (it was temporary anyway), and I've shortened the script names, but what more can I do? An MD5
hash isn't going to make it any shorter.

> \_ notice if they're wrapped and they need to copy and paste into a
> \_ browser window. Given the random nature of characters in the hash,
> \_ it's impractical to ask them to type them in by hand.
> \_
> \_ Any suggestions?
> Can you fold arg1 and arg2 into a single arg and go md5 on that?
> You could build your own hashing algorithm....


I'm already folding multiple args.

> Also, be aware of evil hashes that start with '3D'. Why is that a
> problem, I hear you ask? Well, consider what happens when you have:
>
> http://foo.com/foo.php?arg=3D234....
>
> Looks normal to me and you, but if you get it filtered through a
> quoted printable MUA through whatever means, you'll get it confused as
> http://foo.com/foo.php?arg=234.... or
> http://foo.com/foo.php?arg=3D3D2343... which is uncool. (Because
> quoted printable uses = as an escape, and =3D is the escape for '='.)
> Trust me.


good point, thanks. I typically use two alpha chars as the salt.

> \_ > aaaaaa two of us! I knew I should have stayed away from the cloning
> \_ > lab photocopier.
> \_
> \_ Is that YOUR face I see when the bathroom mirror is all steamed up? :-)
> Yup, just me and Alice on this side of the looking glass.
>
> David
>


Would that make me something like ... the chesire cat?